elston · June 18, 2020 13:11 · Mar 4, 2020 · Feb 28, 2020 · Feb 28, 2020 · Feb 27, 2020
diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -322,7 +322,7 @@ Therefore, instead of using this example from above:
 
 GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:2016-Global-OpSec-Champion-LyingHillary resume=/dev/mapper/Arch-swap"
 
-Run 'blkid' as root, and find the correct PARTUUID for your external device's encryted partition.
+Run 'blkid' as root, and find the correct PARTUUID for your external device's encrypted partition.
 
 N.B.:  PARTUUIDs are completely unrelated to UUIDs.
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -161,8 +161,7 @@ nano /etc/pacman.d/mirrorlist
 # optional:  make and enjoy some fresh java while the following command completes.  Once completed, you'll only 
 # be a few minutes away from putting your new system to serious work!
 
-pacstrap /mnt base base-devel grub efibootmgr dialog wpa_supplicant linux linux-headers dkms nano 
-dhcpcd netctl lvm2 linux-firmware
+pacstrap /mnt base base-devel grub efibootmgr dialog wpa_supplicant linux linux-headers nano dhcpcd netctl lvm2 linux-firmware
 
 # Create and review FSTAB
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -339,28 +339,6 @@ All other parts of my installation procedure should be followed without modifica
 __________________________
 
 
-One Post-Install Recommendation To Optimize the Speed of All Your Future Installs - Rank Your Mirrors, First!
-
-It's a very simple procedure, and will save you a lot of downloading time over your Arch Linux lifetime, particularly
-if you are planning on doing any mass-installs, like gnome, gnome-extra, kde-meta or similar.
-
-As root, run:
-
-cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
-rankmirrors -n 6 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist
-
-That will test all the mirrors and grab the six fastest from your location.  It takes a while to complete,
-so go grab a cup of java.  
-
-Upon your return, you'll be ready to put pacman to serious work, as it was intended:  Crazy Fast!
-
-Cheers, and now it is time to Go Rock Your Arch!
-
-HardenedArray
-
-__________________________
-
-
 Multi-OS-Booting Notes:
 
 I UEFI boot and run more than five operating systems from my SSD.

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -161,7 +161,7 @@ nano /etc/pacman.d/mirrorlist
 # optional:  make and enjoy some fresh java while the following command completes.  Once completed, you'll only 
 # be a few minutes away from putting your new system to serious work!
 
-pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant linux linux-headers dkms nano 
+pacstrap /mnt base base-devel grub efibootmgr dialog wpa_supplicant linux linux-headers dkms nano 
 dhcpcd netctl lvm2 linux-firmware
 
 # Create and review FSTAB

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -156,8 +156,8 @@ nano /etc/pacman.d/mirrorlist
 # We will be addressing those issues in our pacstrap command below.
 
 # This installation command provides a decent set of basic system programs which will also support WiFi through 
-# netctl's `wifi-menu` when initially booting into your Arch system.  Having WiFi following is particularly critical
-# for anyone running a modern ultrabook, as most are only equipped with WiFi access to the Net.  Recommended, yet 
+# netctl's `wifi-menu` after initially booting into your Arch system.  Having WiFi following installation is particularly
+# critical for anyone running a modern ultrabook, as most are equipped with WiFi-only access to the Net.  Recommended, yet 
 # optional:  make and enjoy some fresh java while the following command completes.  Once completed, you'll only 
 # be a few minutes away from putting your new system to serious work!
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -155,12 +155,14 @@ nano /etc/pacman.d/mirrorlist
 # The new base-metapackage does not contain a kernel nor an editor and several other important packages.  
 # We will be addressing those issues in our pacstrap command below.
 
-# This installation command provides a decent set of basic system programs which will also support WiFi when initially 
-# booting into your Arch system.  Recommended, yet optional:  make and enjoy some fresh java while the following 
-# command completes.  Once completed, you'll only be a few minutes away from putting your new system to serious work!
+# This installation command provides a decent set of basic system programs which will also support WiFi through 
+# netctl's `wifi-menu` when initially booting into your Arch system.  Having WiFi following is particularly critical
+# for anyone running a modern ultrabook, as most are only equipped with WiFi access to the Net.  Recommended, yet 
+# optional:  make and enjoy some fresh java while the following command completes.  Once completed, you'll only 
+# be a few minutes away from putting your new system to serious work!
 
 pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant linux linux-headers dkms nano 
-dhcpcd linux-firmware
+dhcpcd netctl lvm2 linux-firmware
 
 # Create and review FSTAB
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -32,14 +32,17 @@ https://gist.github.com/HardenedArray/d5b70681eca1d4e7cfb88df32cc4c7e6
 # Download the archlinux-*.iso image from https://www.archlinux.org/download/ and its GnuPG signature.
 # Use gpg --verify to ensure your archlinux-*.iso is exactly what the Arch developers intended.  For example:
 
-$ gpg --verify archlinux-2017.01.01-dual.iso.sig 
-gpg: assuming signed data in 'archlinux-2017.01.01-dual.iso'
-gpg: Signature made Sun 01 Jan 2017 04:06:24 PM UTC
+$ gpg -v archlinux-2019.11.01-x86_64.iso.sig
+gpg: WARNING: no command supplied.  Trying to guess what you mean ...
+gpg: assuming signed data in 'archlinux-2019.11.01-x86_64.iso'
+gpg: Signature made Fri Nov  1 16:34:35 2019 UTC
 gpg:                using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
+gpg: using pgp trust model
 gpg: Good signature from "Pierre Schmitz <[email protected]>" [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC
+gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
 
 # Burn the archlinux-*.iso  to a 1+ Gb USB stick.  On linux, do something like:
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -146,11 +146,18 @@ nano /etc/pacman.d/mirrorlist
 
 # Install your Arch system
 
+# If you read the contents of https://www.archlinux.org/ you would know the Arch developers made significant
+# changes to the 'base' package in October 2019.
+
+# The new base-metapackage does not contain a kernel nor an editor and several other important packages.  
+# We will be addressing those issues in our pacstrap command below.
+
 # This installation command provides a decent set of basic system programs which will also support WiFi when initially 
 # booting into your Arch system.  Recommended, yet optional:  make and enjoy some fresh java while the following 
 # command completes.  Once completed, you'll only be a few minutes away from putting your new system to serious work!
 
-pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant
+pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant linux linux-headers dkms nano 
+dhcpcd linux-firmware
 
 # Create and review FSTAB
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -234,7 +234,8 @@ GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:2016-Global-OpSec-Champion-LyingHillar
 # GRUB_ENABLE_CRYPTODISK=y
 
 # Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted / and swap ArchLinux system,
-# assuming you are **NOT** trying to decrypt an encrypted /boot.  If you want to encrypt /boot, continue reading.
+# assuming you are **NOT** trying to decrypt an encrypted /boot.  If you want to encrypt /boot, read my encrypted boot
+# installation guide, which requires an entirely different, and incompatiable, installation procedure.
 
 # Generate Your Final Grub Configuration:
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -43,7 +43,7 @@ Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC
 
 # Burn the archlinux-*.iso  to a 1+ Gb USB stick.  On linux, do something like:
 
-dd bs=4M if=archlinux-***.iso of=/dev/sdX status=progress oflag=sync  
+dd bs=4M if=archlinux-*.iso of=/dev/sdX status=progress oflag=sync  
 
 # If running Windows, use Rufus to burn the archlinux-*.iso to your USB stick in DD mode.
 # Also, if you are running BitLocker to encrypt your Windows system, read my BitLocker notes below, before proceeding.

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -43,7 +43,7 @@ Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC
 
 # Burn the archlinux-*.iso  to a 1+ Gb USB stick.  On linux, do something like:
 
-dd if=archlinux-*.iso of=/dev/sdX bs=16M && sync  
+dd bs=4M if=archlinux-***.iso of=/dev/sdX status=progress oflag=sync  
 
 # If running Windows, use Rufus to burn the archlinux-*.iso to your USB stick in DD mode.
 # Also, if you are running BitLocker to encrypt your Windows system, read my BitLocker notes below, before proceeding.

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -6,12 +6,12 @@
 # also CANNOT be subsequently converted to support an encrypted /boot!!!  A CLEAN INSTALL will be required!
 
 # Therefore, if you want to have an encrypted /boot or will want an encrypted /boot system at some point in the future,
-# follow my encrypted /boot installation guide here:
+# please ONLY follow my encrypted /boot installation guide, which lives here:
 
 https://gist.github.com/HardenedArray/ee3041c04165926fca02deca675effe1
 
-# My encrypted /boot guide varies in several different, critically important ways from the encrypted root and swap 
-# installation process I have outlined below.
+# My encrypted /boot guide varies in several different, critically important, ways from the correct and secure encrypted 
+# root / and swap installation process I have outlined below.
 
 # Note:  This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
 
@@ -59,7 +59,7 @@ wifi-menu
 
 # It is possible to access this guide from within your Arch installation environment using the built-in elinks text browser.  
 # For those interested, open a new terminal at tty2 using ctrl-alt-f2, then use elinks to search for 'HardenedArray Gists' 
-# which should return the URL of my Arch installation guide:
+# which should return the URL of my Arch installation guides:
 
 https://gist.github.com/HardenedArray/31915e3d73a4ae45adc0efa9ba458b07
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -2,16 +2,16 @@
 
 # OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  
 
-# Note this encrypted installation method, while perfectly corrent and highly secure, CANNOT support encrypted /boot and 
+# Note this encrypted installation method, while perfectly correct and highly secure, CANNOT support encrypted /boot and 
 # also CANNOT be subsequently converted to support an encrypted /boot!!!  A CLEAN INSTALL will be required!
 
-# Therefore, if you want to have an encrypted /boot or will want an encryted /boot system at some point in the future,
+# Therefore, if you want to have an encrypted /boot or will want an encrypted /boot system at some point in the future,
 # follow my encrypted /boot installation guide here:
 
 https://gist.github.com/HardenedArray/ee3041c04165926fca02deca675effe1
 
-# My encrypted /boot guide varies in several different, highly ways from the encrypted root and swap installation process
-# I have outlined below.
+# My encrypted /boot guide varies in several different, critically important ways from the encrypted root and swap 
+# installation process I have outlined below.
 
 # Note:  This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -1,7 +1,17 @@
 
 
-# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  Optionally, we will also encrypt
-/boot and then decrypt and mount our entire encrypted system using a single LUKS passphrase entry.
+# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  
+
+# Note this encrypted installation method, while perfectly corrent and highly secure, CANNOT support encrypted /boot and 
+# also CANNOT be subsequently converted to support an encrypted /boot!!!  A CLEAN INSTALL will be required!
+
+# Therefore, if you want to have an encrypted /boot or will want an encryted /boot system at some point in the future,
+# follow my encrypted /boot installation guide here:
+
+https://gist.github.com/HardenedArray/ee3041c04165926fca02deca675effe1
+
+# My encrypted /boot guide varies in several different, highly ways from the encrypted root and swap installation process
+# I have outlined below.
 
 # Note:  This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -230,100 +230,6 @@ GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:2016-Global-OpSec-Champion-LyingHillar
 
 grub-mkconfig -o /boot/grub/grub.cfg
 
-# If you are not interested in encrypted /boot, you are almost done!  Skip down to:  # Exit Your New Arch System, below.
-
-++++++++++++++++++++++++++++++++++
-
-**OPTIONAL** Encrypted /boot Configuration and Installation
-
-# Booting from an encrypted /boot is entirely optional, but, if you expect to maintain data privacy, unlike having (almost)
-# mandatory encrypted / and swap, booting from an encrypted /boot provides an extra layer of security for the truly paranoid!
-
-# I spent a great deal of time discussing this topic with a very intelligent Arch developer.  I will hide you from the
-# enormous complexity underlying how grub's code actually achieves this seamless dual encrypted booting and mounting 
-# outcome, but this encrypted /boot sub-procedure is known to work!
-
-# Setting up an encrypted /boot requires further configuration.
-
-# ASSUMING you have followed **ALL** of the above installation steps, now do:
-
-nano /etc/default/grub
-
-# and enable, by uncommenting:
-
-GRUB_ENABLE_CRYPTODISK=y
-
-# then:
-
-nano /etc/mkinitcpio.conf
-
-# Make certain your FILES statement matches this:
-
-FILES=(/crypto_keyfile.bin)
-
-# Ensure that /boot and /boot/efi and / are all mounted with:
-
-df -h
-
-# then ensure your 'pwd' is at / with:
-
-cd /
-
-# Now run these four commands in succession:
-
-dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin
-chmod 000 /crypto_keyfile.bin
-chmod 600 /boot/initramfs-linux*
-cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
-
-# Obviously, adjusting /dev/sdX# to your current root partition on your physical HDD/SSD.
-
-# When prompted for your passphrase with 'luksAddKey' be certain to enter ONLY your current LUKS passphrase,
-
-# This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
-
-# Verify your new key has been correctly added with something like:
-
-cryptsetup luksDump /dev/sda23
-
-# Now run to verify the partition where /boot is mounted on your physical drive:
-
-df -h
-
-# Then run and record the EXACT UUID of your Arch /boot partition:
-
-ls -l /dev/disk/by-uuid
-
-# Now run:
-
-nano /etc/crypttab
-
-# Add a new line in precisely this format:
-
-encryptedBOOT   UUID=YourArch/bootUUIDgoeshere       none    luks,timeout=180
-
-# Of course, alternatively, it is trivial to point /etc/crypttab at a REQUIRED_TO_BE_PRESENT_AT_BOOT external USB stick, etc.
-# I will leave that part up to you to figure out.
-
-# Now run:
-
-mkinitcpio -p linux
-
-# then, re-install grub, and YES, I DO MEAN, a second time:
-
-grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux --modules="part_gpt part_msdos"
-
-# and finally:
-
-grub-mkconfig -o /boot/grub/grub.cfg
-
-# FINISHED!  Now you are completely re-synced with the non-encrypted /boot installers.  Merely exit and umount, as below!
-
-# Enjoy the decryption magic upon your next, and all subsequent, reboots!  Bad Actors will be most uphappy, as if I cared! 
-
-++++++++++++++++++++++++++++++++++
-
-
 # Exit Your New Arch System
 
 exit

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -276,7 +276,7 @@ chmod 000 /crypto_keyfile.bin
 chmod 600 /boot/initramfs-linux*
 cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
 
-# Obviously, adjusting /dev/sdaX# to your current root partition on your physical HDD/SSD.
+# Obviously, adjusting /dev/sdX# to your current root partition on your physical HDD/SSD.
 
 # When prompted for your passphrase with 'luksAddKey' be certain to enter ONLY your current LUKS passphrase,
 
@@ -539,15 +539,15 @@ pacman -S plasma-meta  # This large package set will also provide us with sddm,
 
 systemctl enable sddm
 
+systemctl enable NetworkManager  # After your next reboot you will have full, correct, networking support from boot.
+
 pacman -S kde-applications-meta
 
 pacman -S xdg-user-dirs
 
-systemctl enable NetworkManager  # After your next reboot you will have full, correct, networking support from boot.
-
-# If you want full (English) spelling support for all of your applications, do:
+# If you want full (US English) spelling support for all of your applications, do:
 
-pacman -S hunspell-en hyphen-en libmythes mythes-en aspell-en
+pacman -S hunspell-en_US hyphen-en libmythes mythes-en aspell-en
 
 # Everyone has their own font preferences, but I agree with Arch's initial ttf-font recommendations because they look great!:
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -286,11 +286,13 @@ cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
 
 cryptsetup luksDump /dev/sda23
 
-# Now run:
+# Now run to verify the partition where /boot is mounted on your physical drive:
+
+df -h
 
-lsblk -f
+# Then run and record the EXACT UUID of your Arch /boot partition:
 
-# Verify the partition where /boot is mounted on your physical drive and record the EXACT UUID of your Arch /boot partition.
+ls -l /dev/disk/by-uuid
 
 # Now run:
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -290,19 +290,13 @@ cryptsetup luksDump /dev/sda23
 
 lsblk -f
 
-# and verify the partition where /boot is mounted on your physical drive
+# Verify the partition where /boot is mounted on your physical drive and record the EXACT UUID of your Arch /boot partition.
 
-# now run:
-
-ls -al /dev/disk/by-uuid
-
-# and obtain the EXACT UUID of your Arch /boot partition
-
-# then:
+# Now run:
 
 nano /etc/crypttab
 
-# add a new line in precisely this format:
+# Add a new line in precisely this format:
 
 encryptedBOOT   UUID=YourArch/bootUUIDgoeshere       none    luks,timeout=180
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -290,6 +290,12 @@ cryptsetup luksDump /dev/sda23
 
 lsblk -f
 
+# and verify the partition where /boot is mounted on your physical drive
+
+# now run:
+
+ls -al /dev/disk/by-uuid
+
 # and obtain the EXACT UUID of your Arch /boot partition
 
 # then:

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -300,6 +300,9 @@ nano /etc/crypttab
 
 encryptedBOOT   UUID=YourArch/bootUUIDgoeshere       none    luks,timeout=180
 
+# Of course, alternatively, it is trivial to point /etc/crypttab at a REQUIRED_TO_BE_PRESENT_AT_BOOT external USB stick, etc.
+# I will leave that part up to you to figure out.
+
 # Now run:
 
 mkinitcpio -p linux

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -243,7 +243,7 @@ grub-mkconfig -o /boot/grub/grub.cfg
 # enormous complexity underlying how grub's code actually achieves this seamless dual encrypted booting and mounting 
 # outcome, but this encrypted /boot sub-procedure is known to work!
 
-# Setting up an encrypted /boot requires further configuartion.
+# Setting up an encrypted /boot requires further configuration.
 
 # ASSUMING you have followed **ALL** of the above installation steps, now do:
 
@@ -282,7 +282,7 @@ cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
 
 # This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
 
-# Verify your new key has been coorectly added with something like:
+# Verify your new key has been correctly added with something like:
 
 cryptsetup luksDump /dev/sda23
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -132,7 +132,7 @@ mount /dev/sdXX /mnt/boot/efi
 
 nano /etc/pacman.d/mirrorlist
 
-Copy one or two mirrors near your physical location to the top of the mirrorlist.
+# Copy one or two mirrors near your physical location to the top of the mirrorlist.
 
 # Install your Arch system
 
@@ -190,7 +190,7 @@ nano /etc/mkinitcpio.conf
 HOOKS="base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck"
 
 # Note that recent ArchLinux installation images have shipped with a new version of /etc/mkinitcpio.conf.  The 
-# only difference is that the new version uses '(' and ')' instead of double quotation marks: ' " " '.  Therefore,
+# only difference is that the new version uses '(' and ')' instead of dual double quotation marks: ' " " '.  Therefore,
 # the current HOOKS statement should be:
 
 HOOKS=(base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck)
@@ -210,7 +210,7 @@ grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchL
 
 # Edit /etc/default/grub so it includes a statement like this:
 
-# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdYZ:MyDevMapperMountpoint resume=/dev/mapper/MyVolGroupName-MyLVSwapName"
+GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdYZ:MyDevMapperMountpoint resume=/dev/mapper/MyVolGroupName-MyLVSwapName"
 
 # Maintaining consistency with the examples provided above, you would use something like:
 
@@ -236,12 +236,12 @@ grub-mkconfig -o /boot/grub/grub.cfg
 
 **OPTIONAL** Encrypted /boot Configuration and Installation
 
-Booting from an encrypted /boot is entirely optional, but, if you expect to maintain data privacy, unlike having (almost)
-mandatory encrypted / and swap, booting from an encrypted /boot provides an extra layer of security for the truly paranoid!
+# Booting from an encrypted /boot is entirely optional, but, if you expect to maintain data privacy, unlike having (almost)
+# mandatory encrypted / and swap, booting from an encrypted /boot provides an extra layer of security for the truly paranoid!
 
-I spent a great deal of time discussing this topic with a very intelligent Arch developer.  I will hide you from the
-enormous complexity underlying how grub's code actually achieves this seamless dual encrypted booting outcome, but this 
-encrypted /boot sub-procedure is known to work!
+# I spent a great deal of time discussing this topic with a very intelligent Arch developer.  I will hide you from the
+# enormous complexity underlying how grub's code actually achieves this seamless dual encrypted booting and mounting 
+# outcome, but this encrypted /boot sub-procedure is known to work!
 
 # Setting up an encrypted /boot requires further configuartion.
 
@@ -282,7 +282,7 @@ cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
 
 # This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
 
-# Verify your new Key with something like:
+# Verify your new key has been coorectly added with something like:
 
 cryptsetup luksDump /dev/sda23
 
@@ -314,7 +314,7 @@ grub-mkconfig -o /boot/grub/grub.cfg
 
 # FINISHED!  Now you are completely re-synced with the non-encrypted /boot installers.  Merely exit and umount, as below!
 
-# Enjoy the decryption magic upon your next, and upon all subsequent, reboots!  Bad Actors will be most uphappy, as if I cared! 
+# Enjoy the decryption magic upon your next, and all subsequent, reboots!  Bad Actors will be most uphappy, as if I cared! 
 
 ++++++++++++++++++++++++++++++++++
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -1,6 +1,6 @@
 
 
-# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  Optinally, we will also encrypt
+# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  Optionally, we will also encrypt
 /boot and then decrypt and mount our entire encrypted system using a single LUKS passphrase entry.
 
 # Note:  This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -201,7 +201,7 @@ HOOKS=(base udev autodetect modconf block keymap encrypt lvm2 resume filesystems
 
 mkinitcpio -p linux
 
-# Install and configure Grub-EFI
+# Install and Configure Grub-EFI
 
 # The correct way to install grub on an UEFI computer, irrespective of your use of a HDD or SSD, and whether you are
 # installing dedicated Arch, or multi-OS booting, is:
@@ -223,96 +223,98 @@ GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:2016-Global-OpSec-Champion-LyingHillar
 # Uncomment to enable booting from LUKS encrypted devices
 # GRUB_ENABLE_CRYPTODISK=y
 
-# Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted ArchLinux system, assuming you
-are **NOT** trying to unlock an encrypted /boot.
+# Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted / and swap ArchLinux system,
+# assuming you are **NOT** trying to decrypt an encrypted /boot.  If you want to encrypt /boot, continue reading.
 
 # Generate Your Final Grub Configuration:
 
 grub-mkconfig -o /boot/grub/grub.cfg
 
-If you are not interested in encrypted /boot, you are almost done!  Skip down to:  # Exit Your New Arch System, below.
+# If you are not interested in encrypted /boot, you are almost done!  Skip down to:  # Exit Your New Arch System, below.
 
 ++++++++++++++++++++++++++++++++++
 
 **OPTIONAL** Encrypted /boot Configuration and Installation
 
 Booting from an encrypted /boot is entirely optional, but, if you expect to maintain data privacy, unlike having (almost)
-mandatory encrypted / and swap, booting from an encrypted /boot provides an extra measure of security for the truly paranoid!
+mandatory encrypted / and swap, booting from an encrypted /boot provides an extra layer of security for the truly paranoid!
 
-I spent a great deal of time discussing this topic with a very smart Arch developer.  I will hide you from the enormous 
-complexity underlying how grub actually achieves this stupedous dual encrypted booting outcome, but this sub-procedure is
-known to work!
+I spent a great deal of time discussing this topic with a very intelligent Arch developer.  I will hide you from the
+enormous complexity underlying how grub's code actually achieves this seamless dual encrypted booting outcome, but this 
+encrypted /boot sub-procedure is known to work!
 
-Setting up an encrypted /boot requires further configuartion.
+# Setting up an encrypted /boot requires further configuartion.
 
-ASSUMING you have followed **ALL** of the above installation steps, now do:
+# ASSUMING you have followed **ALL** of the above installation steps, now do:
 
-# nano /etc/default/grub
+nano /etc/default/grub
 
-and enable, by uncommenting:
+# and enable, by uncommenting:
 
 GRUB_ENABLE_CRYPTODISK=y
 
-then:
+# then:
 
-# nano /etc/mkinitcpio.conf
+nano /etc/mkinitcpio.conf
 
-Make certain your FILES statement matches this:
+# Make certain your FILES statement matches this:
 
 FILES=(/crypto_keyfile.bin)
 
-Ensure that /boot and /boot/efi and / and / are all mounted with:
+# Ensure that /boot and /boot/efi and / are all mounted with:
 
-# df -h
+df -h
 
-then ensure your 'pwd' is at / with:
+# then ensure your 'pwd' is at / with:
 
-# cd /
+cd /
 
-Now run these four commands in succession:
+# Now run these four commands in succession:
 
-# dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin
-# chmod 000 /crypto_keyfile.bin
-# chmod 600 /boot/initramfs-linux*
-# cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
+dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin
+chmod 000 /crypto_keyfile.bin
+chmod 600 /boot/initramfs-linux*
+cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
 
-Obviously, adjusting /dev/sdaX# to your current root partition on your physical HDD/SSD.
+# Obviously, adjusting /dev/sdaX# to your current root partition on your physical HDD/SSD.
 
-When prompted for your passphrase with 'luksAddKey' be certain to enter ONLY your current LUKS passphrase,
+# When prompted for your passphrase with 'luksAddKey' be certain to enter ONLY your current LUKS passphrase,
 
-This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
+# This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
 
-This can be verified with something like:  cryptsetup luksDump /dev/sda15
+# Verify your new Key with something like:
 
-Now run:
+cryptsetup luksDump /dev/sda23
 
-# lsblk -f
+# Now run:
 
-and obtain the EXACT UUID of your /boot partition
+lsblk -f
 
-then:
+# and obtain the EXACT UUID of your Arch /boot partition
 
-# nano /etc/crypttab
+# then:
 
-add a new line in precisely this format:
+nano /etc/crypttab
 
-encryptedBOOT   UUID=Your/bootUUIDgoeshere       none    luks,timeout=180
+# add a new line in precisely this format:
 
-Now run:
+encryptedBOOT   UUID=YourArch/bootUUIDgoeshere       none    luks,timeout=180
 
-# mkinitcpio -p linux
+# Now run:
+
+mkinitcpio -p linux
 
-then:
+# then, re-install grub, and YES, I DO MEAN, a second time:
 
 grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux --modules="part_gpt part_msdos"
 
-and finally:
+# and finally:
 
 grub-mkconfig -o /boot/grub/grub.cfg
 
-FINISHED!  Now you are completely re-synced with the non-encrypted /boot installers.  Merely exit and umount, as below!
+# FINISHED!  Now you are completely re-synced with the non-encrypted /boot installers.  Merely exit and umount, as below!
 
-Enjoy the decryption magic upon your next, and upon all subsequent reboots!  Bad Actors will be most uphappy, as if I cared! 
+# Enjoy the decryption magic upon your next, and upon all subsequent, reboots!  Bad Actors will be most uphappy, as if I cared! 
 
 ++++++++++++++++++++++++++++++++++
 

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -1,6 +1,7 @@
 
 
-# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.
+# OBJECTIVE:  Install Arch Linux with encrypted root and swap filesystems and boot from UEFI.  Optinally, we will also encrypt
+/boot and then decrypt and mount our entire encrypted system using a single LUKS passphrase entry.
 
 # Note:  This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
 
@@ -222,12 +223,100 @@ GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdXZ:2016-Global-OpSec-Champion-LyingHillar
 # Uncomment to enable booting from LUKS encrypted devices
 # GRUB_ENABLE_CRYPTODISK=y
 
-# Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted ArchLinux system.
+# Note that you do NOT need to enable that cryptodisk statement to boot your LUKS encrypted ArchLinux system, assuming you
+are **NOT** trying to unlock an encrypted /boot.
 
 # Generate Your Final Grub Configuration:
 
 grub-mkconfig -o /boot/grub/grub.cfg
 
+If you are not interested in encrypted /boot, you are almost done!  Skip down to:  # Exit Your New Arch System, below.
+
+++++++++++++++++++++++++++++++++++
+
+**OPTIONAL** Encrypted /boot Configuration and Installation
+
+Booting from an encrypted /boot is entirely optional, but, if you expect to maintain data privacy, unlike having (almost)
+mandatory encrypted / and swap, booting from an encrypted /boot provides an extra measure of security for the truly paranoid!
+
+I spent a great deal of time discussing this topic with a very smart Arch developer.  I will hide you from the enormous 
+complexity underlying how grub actually achieves this stupedous dual encrypted booting outcome, but this sub-procedure is
+known to work!
+
+Setting up an encrypted /boot requires further configuartion.
+
+ASSUMING you have followed **ALL** of the above installation steps, now do:
+
+# nano /etc/default/grub
+
+and enable, by uncommenting:
+
+GRUB_ENABLE_CRYPTODISK=y
+
+then:
+
+# nano /etc/mkinitcpio.conf
+
+Make certain your FILES statement matches this:
+
+FILES=(/crypto_keyfile.bin)
+
+Ensure that /boot and /boot/efi and / and / are all mounted with:
+
+# df -h
+
+then ensure your 'pwd' is at / with:
+
+# cd /
+
+Now run these four commands in succession:
+
+# dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin
+# chmod 000 /crypto_keyfile.bin
+# chmod 600 /boot/initramfs-linux*
+# cryptsetup luksAddKey /dev/sdX# /crypto_keyfile.bin
+
+Obviously, adjusting /dev/sdaX# to your current root partition on your physical HDD/SSD.
+
+When prompted for your passphrase with 'luksAddKey' be certain to enter ONLY your current LUKS passphrase,
+
+This will add your (second) new LUKS random key, now protecting /boot, to Key Slot #1.
+
+This can be verified with something like:  cryptsetup luksDump /dev/sda15
+
+Now run:
+
+# lsblk -f
+
+and obtain the EXACT UUID of your /boot partition
+
+then:
+
+# nano /etc/crypttab
+
+add a new line in precisely this format:
+
+encryptedBOOT   UUID=Your/bootUUIDgoeshere       none    luks,timeout=180
+
+Now run:
+
+# mkinitcpio -p linux
+
+then:
+
+grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux --modules="part_gpt part_msdos"
+
+and finally:
+
+grub-mkconfig -o /boot/grub/grub.cfg
+
+FINISHED!  Now you are completely re-synced with the non-encrypted /boot installers.  Merely exit and umount, as below!
+
+Enjoy the decryption magic upon your next, and upon all subsequent reboots!  Bad Actors will be most uphappy, as if I cared! 
+
+++++++++++++++++++++++++++++++++++
+
+
 # Exit Your New Arch System
 
 exit

diff --git a/Efficient Encrypted UEFI-Booting Arch Installation b/Efficient Encrypted UEFI-Booting Arch Installation
@@ -95,7 +95,7 @@ cryptsetup luksOpen /dev/sdXZ 2016-Global-OpSec-Champion-LyingHillary # (or use
 # a very poor idea.  Swap partitions are not controlled by BTRFS so they work fine.  Read the BTRFS ArchWiki before proceeding.  
 # Also note that BTRFS fully supports, detects, and properly configures settings for all modern SSDs, which is the drive type
 # almost everyone should be running when installing ArchLinux!  HDDs are only useful for infrequently accessed data, and 
-# for storing your encrypted backups.
+# for storing your SSD's critical directories as encrypted backups.
 
 # Modify this structure only if you need additional, separate partitions.  The sizes used below are only suggestions.
 # The VG and LV labels 'Arch, root and swap' can be changed to anything memorable to you.  Use your labels consistently, below!